Blog & News

RMail, RSign Thrive from Australia to Europe

RPost momentum continues through its global distribution channel; sales for RMail and RSign thrive.

“Ingram Micro Cloud is pleased to introduce RPost to the growing and expansive portfolio of cloud services and solutions we provision on Cloud Marketplace UK. Cyber security is a massive focus for us in 2019, and having RPost onboard will only extend this focus to grow to new heights,” states Scott Murphy, Director of Cloud and Advanced Solutions for Ingram Micro UK&I. RPost’s RMail and RSign services are now available through the Ingram Micro Cloud in the USA, Canada, United Kingdom, Netherlands, and Australian markets. Ingram Micro is world’s largest technology distributor.

RPost’s main service platforms are RMail®, with its award-winning Registered Email™ e-delivery proof and email encryption compliance services, and RSign® for simple, legal, and secure e-signatures.

“More and more, companies in Europe are realizing standard email is just not good enough for some important messages, considering heightened regulations, ever more sophisticated hackers, and business interest in more efficiencies. We have now deployed RMail and RSign with more than 1000 companies in 6 countries across Europe, with new customers signing on daily,” states Volker Sommerfeld, Frama Product Manager. “Companies like the SMI Social Medical Institute in Berlin are using RMail to process their clinical data lawfully and fully compliant toward GDPR in Germany.” The Frama group of companies have been managing sensitive data for more than 100,000 customers across Europe for two decades.

RMail® services make it easy to send email encrypted in a way that simplifies life for intended recipients to decrypt — perfect for compliance with privacy rules and to protect client info from eavesdroppers and Internet thieves.

“We see RMail and RSign as important enhancements to our customers’ messaging and document operations, contributing to better security and saving staff time and money. This is a perfect combination of user simplicity and security,” states Daniel Albertsson, Nordic Cloud Manager, Advania. “We are bringing these solutions to our customers across Sweden, and the Nordics.” Advania is a leading Nordic IT-provider serving thousands of multinational enterprises, governments and corporate clients of all sizes with a wide range of IT-services, cloud solutions and support.

RMail services also include certified e-delivery proof, e-signature, secure large file sharing, email imposter protection services and more, all-in-one. Users that install RMail inside their Microsoft Outlook interface can access RSign with one-click, or RSign can be purchased as a stand-alone web service.

RSign® services make e-signing simple and affordable with flexible monthly pricing plans, while including advanced features to transform business operations — sharable templates, custom workflows, real time reporting, and more.

“Customers in regulated industries, as well as businesses large and small, have relied on RPost technologies for more than a decade, for the highest levels of security and compliance with the simplest user experience,” states Lee Welch, Director Cloud Services, ANZ, Ingram Micro. “We are pleased to bring these services, to track, prove, e-sign and encrypt, to our channel partners worldwide, with a variety of service plans to fit any company need.”

RPost partners: please contact Sean Walsh to get started with RMail or RSign. Contact RPost

Not All Email Tracking is Created Equal

If you are sending a zillion newsletter or marketing emails, sure, email marketing platforms make it easy to manage your email list; and many do provide some basic tracking information.

But how reliable is this information? Should it be relied on important business email or important notifications?

No. Why not?

First, many of these email marketing platforms base their tracking on whether images in the email where displayed or not. If you are sending primarily to business readers who predominantly open email in Microsoft Outlook, image tracking is disabled at the recipient end by default.

And… if a recipient opted out to one of your prior emails, unless you take great care to manage opt-out options, they may be opted out of all of your future emails — even the important ones.

And… if there was a transient delivery failure at one point in time, that recipient may be permanently opted out of future email — again, even important ones.

And… if sending to recipients with large ISP email addresses (like Gmail, Yahoo, Outlook.com, etc.) you had better keep in mind, most of these systems are trained to de-prioritize email sent from known email marketing platforms (putting the messages in promotional sub folders of the inbox, likely never to be read).

And further… many advanced email platforms at the recipient are today more zealous in their email blocking, requiring sender domain registration and key systems (DKIM, SPF, DMARC). These may or may not be properly configured in the email marketing platform and if not, may reduce likelihood of delivery to the intended recipient.

Trend Alert: Heightened hacker sophistication has advanced email security, requiring smarter email delivery systems for important email. 

A county tax authority in Virginia recently switched from use of their email marketing platform, for sending tax notices, to RMail Registered Email services. They reported that 30% of recipients claimed non-receipt of the email sent from the email marketing platform and solved this problem by sending via the RMail Registered Email services (watch proof of delivery video).

Were the tax authority messages sent and received, and simply claimed not to have been? Maybe, since these were tax notices. Regardless, the email marketing platform did not provide a deep forensic record that could be shared with the recipient, proving email delivery, content of the message and attachments sent and received, and timestamped forensic metadata as evidence.

If there is consequence where the email can be claimed to not have been received, in any business, RPost recommends sending it as a Registered Email™ message.

Sending as a Registered Email message is simple and provides irrefutable proof (click for free Outlook or Gmail app). The messages are sent from dedicated business email IPs, improving deliver-ability and categorization as business email, and they return a self-contained digital forensic record, providing timestamped and verifiable proof of email delivery including timestamped message and attachment content; for any recipient.

Real estate and property management operators rely on this for irrefutable proof. This service has been identified by the insurance industry as top choice for proof of email delivery for more than a decade and identified as top choice by more than 20 bar / law associations.


To learn more about RPost products, visit www.rmail.com or www.rsign.com 

Today’s Hackers Target Executives with Simple Social Engineering

Today’s hackers are more innovative. Rather than just running up charges on your credit card, they are looking to extort money in exchange for return of your private information or to limit their use of it. For insurance executives, private information often includes emails related to customers and their policies. Data could include confidential information about assets, employees, vendor contracts and bank accounts.

These more innovative hackers hold the private information as ransom. They request a payment or disclose private client correspondence, irreparably lock certain personal photos and files on one’s computer, post private information online for all to see, or sell internet browsing behavior. After receipt of the “ransom” payment, the hacker usually follows through on the promise so as not to endanger the potential of future ransom payments.

Hackers identify profitable targets from online profiles, company websites, and public real estate records. Their research can include more intrusive tactics such as intercepting email correspondence, eavesdropping at public Internet locations, or accessing online accounts.

A main access point for hackers seems to be email. If they gather enough information about you from eavesdropping on your email correspondence, they will be able to, in many cases, gain access to your systems.

The more they learn about you, the more likely they will succeed in extorting a bigger and better “ransom”. In many instances, the FBI recommends paying the ransom because the alternative resolutions are more costly than the cost of the ransom. “The ransomware is that good,” said Joseph Bonavolonta, the Assistant Special Agent in Charge of the FBI’s CYBER and Counterintelligence Program in its Boston office.  “To be honest, we often advise people just to pay the ransom.”

How might you mitigate your risk?

1. The best way to avoid a ransomware attack is to encrypt email communications that contain sensitive information. This minimizes opportunities to intercept emails and glean valuable information.

2. Minimize clicking on links from incoming emails if you do not trust the source and recognize the context of the message. The source can easily be masked, so ensure you recognize both the source and the context.

3. Your email account is the gateway to your information – account statements, password reset processes, and more. Ensure you use email account passwords different from your e-commerce website passwords.

One of the simple actions you can take today to thwart these hackers is to ensure that when you send personal email with sensitive information, you send it with RMail®message-level encryption.

RPost’s RMail service provides email encryption that is radically simple for both senders and recipients. The encrypted message contents are delivered directly to the recipient’s inbox, and there is no need for the recipient to open a third-party webpage, create an account, or retrieve the files from another location. To learn more or get started, click here.

——————————–

To learn more about RPost products, visit www.rmail.com or www.rsign.com 

Google AMP Ends Email as a Record of Who Said What When

Wow! It is strange that one still trusts a printed or PDF’d email as a record of who said what when.

Microsoft did its best to make it clear that any email can be easily altered, with a few mouse clicks.

  • For those unaware, try this in Microsoft Outlook: open an email, click Actions, click Edit Message, change the message, save, close, open again, and magic – your email content has forever changed without detection! Watch video
  • You can also read our last blog on e-signatures revolution

But those using G-Suite, Gmail or Outlook Online, for example, often forget that email was meant to be a collaboration tool, editable, and easy to add notations into a received email for later thoughts and reference.

Those that send marketing emails are well aware of how easy it is to send a message where the SAME email displays entirely different message content depending on what email program the recipient has — if they are viewing the HTML (text/html) part of the message or the Plain Text (text/plain) part of the message. Easy to do; the same email says two different things.

And now, Google is introducing to the world a new part of the same email, called the AMP part (text/x-amp-html). (Techies can read more here.)

This alters a standard email as record forever.

This innovation should finally help people realize that unless you do something to preserve a snapshot of the entire message content, including metadata originally sent and received at a point in time, you may not be able to demonstrate that a later printed email (or printed to PDF) is the actual content displayed for a particular recipient at a point in time.

Why?

Google’s new AMP part of the email let’s remote third parties effectively enter your inbox. After you receive and view a message, they can change the content of the message parts so when you refresh, new content displays.

What you see now, is not what you may see next time you open the same email!

This may seem trivial, or very nice for marketers, but imagine you save an email for future reference, and when you revisit it later to remind yourself — or show someone else what the email said — you re-open the email and find the content to be different! Or, you print an email, and then are asked to compare to the original, and the printed version is different than the original you saved!

  • One example Google demonstrates is the sender of an email with special offer, can change the special offer price in the email, days later after you first view it. 

If you feel you might want, at sometime in the future, a record of who said what when by email, send your message using the Registered Email service.

Or, if you receive a message and want to preserve a snapshot of what you received, send a copy to yourself using the Registered Email™ service.

To try this easily at no cost from Microsoft Outlook, Gmail or other email, (click here).

By sending as a Registered Email™ message, you receive an RMail Registered Receipt™ email record that, at any time in the future, can authenticate and reconstruct the original message content, delivery and opening history, and all underlying timestamps and metadata.

Send Registered. Perfect proof, preserved.

Watch for Google’s AMP; which will forever change the perception of your inbox email as a record.

——————————–

To learn more about RPost products, visit www.rmail.com or www.rsign.com 

The E-Sign Revolution and its Evolution

Impressions of e-signatures today still depend on who you ask. Many users report e-signatures today as “a life saver”, but some still think of e-signature services as “scary to use” or “simply not trustworthy”.

What a contrast, depending on who you ask and what services people have been exposed to.

In RPost’s recent customer survey with more than 2,000 corporate respondents, the comment that seemed to sum up the overall e-sign experience in very few words was, “I love it!” Those politicians that passed the Federal ESIGN laws nearly two decades ago would certainly appreciate this favorable feedback attributed to their efforts to define e-signatures as legal.

Today, the data shows nearly half of e-sign users want e-signature services to go beyond simply recording recipient e-signoff, electronically – they look to e-signatures as a way to streamline and automate business processes. This marks the evolution of the e-signature revolution.

Here are three interesting insights from survey respondents:

1. An increasing number of people see e-signatures as a powerful business automation tool. Nearly half (42%) see e-signatures as an opportunity to automate a business processes.

  • – Tip: Try RSign templates (click for video), rules, and static link features; the simplest way to automate e-sign processes.
  • – How does a feature like templates work in practice? Companies send many of the same agreement forms for fill and sign. With an advanced e-signature service like RSign, a company can create reusable and shareable templates with these documents and forms, preparing signature and form fields just once for all future transactions. One can also designate signing roles and orders, reminder options, and more.

2. The most important e-sign features reported were (a) ease of configuring an agreement or form for e-signature using drag-and-drop tools (63%), and equally as important, (b) having timestamped sealed content after e-signature (63%). These were expected results. Interestingly, however, nearly half reported that they enjoy the ability to send for e-signoff **without** the need to configure the document in a web application (45%).

  • – Tip: If you would like to simply attach any document to your Microsoft Outlook or Gmail email message and one-click send for e-signoff, RMail offers the only way to do this. Simply attach your document to email, send via RMail, and your recipients e-sign with a few clicks. (Watch RMail e-sign video )
  • – Alternatively, if you like drag-and-drop e-sign setup for forms, try RSign (click for RSign product tour video).

3. The most important purchase driver for e-sign services was user simplicity, which trumped low cost by a factor of more than 2 to 1. After simplicity, users made purchase decisions based on the robustness of the e-sign record with a timestamped audit trail and visibility of the signoff process including time sent, delivered, opened, and signed. (Techies can read more in RPost patents)

Watch the Tech Essentials e-sign webinar (Click to watch  E-Sign Webinar Recording) to learn more about RMail and RSign e-signature user simplicity, templates, and patented timestamped e-sign audit trail and e-signoff process visibility.

——————————–

To learn more about RPost products, visit www.rmail.com or www.rsign.com 

Try RMail at no cost, with no credit card needed (click for your Gmail or Outlook RMail app).

Ingram Micro Expands its RPost Security and E-Sign Offerings Worldwide

Heightened Interest in Email Security, Compliance, and E-Signature Services Fuels Demand for RPost, Resulting in Ingram Micro Expanding its Global Partnership.

Ingram Micro, the world’s largest technology distributor, and RPost, a leader in email cybersecurity and e-signature software services, announce an expansion of RPost email security, compliance, and e-sign services now available to Ingram Micro channel partners in countries worldwide.

“RPost is unique in that, through one software provider, Ingram Micro is able to make market-leading e-signature and secure messaging services available for all of their partners worldwide,” states Zafar Khan, RPost CEO. RPost services are now available through the Ingram Micro Cloud Marketplaces in countries worldwide: United States, Canada, United Kingdom, Netherlands, and Australian markets.

“We are pleased that Ingram Micro selected RSign currently as its sole e-signature offering in its main European markets and Canada,” adds Khan.

RPost award winning services, RMail®, RSign®, and Registered Email™, are a logical extension for any Microsoft Outlook or Office 365 user as RPost services add simple to use email encryption, e-signatures, secure large file sharing, Registered Email certified e-delivery proof, email open tracking, auditable proof of data privacy compliance, and much more, into the Microsoft Outlook user interface. Customers also access these services with automation using RPost’s Gmail, security gateway, and API offerings.

RPost has worked closely with Ingram Micro over several years to incrementally build RPost’s complete software service portfolio into the Ingram Micro Cloud Marketplaces and into Ingram Micro’s Federated service provider offerings. Business customers have enjoyed these RPost services worldwide for more than a decade.

RPost’s two main product platforms now accessible for Ingram Micro channel partners are:

  • – RSign® services, making e-signing simple and affordable, while including advanced features to transform business operations — sharable templates, custom workflows, real time reporting, advanced document configuration, and more.
  • – RMail® service, making it easy to send email encrypted in a way that simplifies life for intended recipients to decrypt — perfect for compliance with privacy rules and to protect client info from eavesdroppers and Internet thieves. RMail services also include certified e-delivery proof, e-signature, secure large file sharing, email imposter protection services and more, all-in-one.

Users that install RMail inside their Microsoft Outlook interface can access RSign with one-click, or RSign can be purchased as a stand-alone web service.

“Customers in regulated industries, as well as businesses large and small, have relied on RPost technologies for more than a decade, for the highest levels of security and compliance with the simplest user experience,” states Lee Welch, Director Cloud Services, ANZ, Ingram Micro. “We are pleased to bring these services, to track, prove, e-sign and encrypt, to our channel partners worldwide, with a variety of service plans to fit any company need.”

Other RPost products now available through Ingram Micro include:

  • – Registered Email™ service makes it easy to certify e-delivery of time-sensitive notices. Registered Email messages return a Registered Receipt™ email for timestamped proof of delivery, to protect in case of a claim of non-receipt of required notices, disclosure documents, or to support any need to have audit-ready records of what staff transmitted to whom and when.
  • – RMail SG™ security gateway adds automatic encryption through data leak prevention DLP and policy-based content filtering. Automatic actions include sending with all main RMail Functions (send encrypted, send for electronic signoff, send with certified e-delivery proof) with anti-spam, anti-virus, anti-spyware, anti-ransomware, anti-abuse services, among other threat prevention scanning on in-and-outbound email traffic
  • – OTP Messaging™ quantum secure messaging for off-the-grid privacy. Creates a private messaging network using the one-time-pad theory of cryptography for perfect privacy, secrecy, and anonymity in messaging.

Together, Ingram Micro and RPost bring to their customers a complete set of business messaging and document services via the Cloud Marketplaces worldwide, now available in the US, UK, Netherlands, Canada, and Australian markets with additional countries to be deployed as demanded.

Click here if you are interested in following RPost from an investor perspective through its investor relations emails and briefings.

Fake Facebook and Email

Wow! What a beautiful vacation that friend of a friend posted in their Facebook account. It looks like the perfect family vacation; all smiles, all sun, some commentary about the perfect spot…

Is the perfect life of your friends’ friend depressing you? How could their experiences be so perfect, while when you go on vacation, you are hit with reality; some rain, crowded hotels, delayed flights, travel stress, kids complaining…

Well, what you should keep in mind (and should continuously remind yourself) is that what you see online quite possibly could be fake.

The New York Times recently reviewed Facebook’s “Transparency” data and concluded that Facebook took down 2.8 billion fake accounts in the last twelve months. According to the report, the accounts taken down each calendar quarter equate to approximately one third of all Facebook accounts. Could it really be that 1 in 3 Facebook accounts on average are posted by fake people?

It gets more interesting (or scary depending on your viewpoint).

If you tuned into news reports recently, you will see a surge of discussion about fake videos online, called “Deep Fakes”. Tech Essentials explored this in a recent article (read more about Deep Fakes here, “Today’s Fake News will be Quaint in 2020”). Political mis-information campaigns are soon to include videos of what look like famous people and well-known politicians saying things that they really are not saying. These fake videos are extremely authentic looking, easy to make by techy amateurs, and easy to disseminate to the masses.

And then there is fake email. The latest trend is the imposter email that comes to you posing as if it is from your boss or business colleague. This type of email, when sent using sophisticated imposter techniques, is called a “Whaling” email (read more, “$5 Billion Hacker Lottery”). Like Deep Fakes, if done right, these are extremely authentic looking, and often lure the recipient into engaging in a back-and-forth email exchange over a period of time, sometimes ending in a fake invoice being paid, or money being sent to the imposter.

Awareness and detection tools will need to continuously advance to counter these mis-information and hacker threats. Facebook fakes, Deep Fakes, Whaling imposter email and other threats are here to stay.

——————————–

To learn more about RPost products, visit www.rmail.com or www.rsign.com 

Try RMail at no cost, with no credit card needed (click for your Gmail or Outlook RMail app).

Tech Essentials: The Most Popular Insights of 2018

2018 was a busy year in the cyber world; in particular, in the areas where we focus — messaging security, privacy compliance, e-delivery and e-sign productivity.

Our Tech Essentials educational email series has been distributed to more than 15 million business professionals in the United States and Europe, mainly to insurance, legal, investment, real estate, health care, and IT professionals.

We thought you might like to review the most read tech tips and insights from our 2018 originally written editorials.

Creepy Tech and Eavesdropping
Alexa Controls Your House
Fake News will be Quaint

IT Risk and Compliance
Million Dollar Email
Eliminating Email Disputes, or Not

Hacker Insights
Not all TLS is Created Equal
Whaling and the Hacker Lottery

Most Read Published Report – Includes Email Encryption Comparison Charts
Email Encryption Market Considering Privacy Compliance

If you have not been receiving these tech tip emails, please CLICK HERE and our team will see if they can ensure you receive these important technical tips and trends emails so you can stay on top of this dynamically changing area of e-communications in the next year.

Happy New Year.

Zafar Khan
Chief Executive Officer, RPost
Tech Essentials Author

Try RMail at no cost, with no credit card needed (click for your Gmail or Outlook RMail app).

RPost Adds New Security Automation, APCC Top Choice

RPost simplifies total email security, now with a hosted security gateway solution. Customers, especially small businesses, have all of the email threats and compliance requirements of enterprises, but fewer IT staff and smaller tech budgets.

With RMail Security Gateway, now with full service hosted options, business IT staff can simply change an email routing rule and all of their email will have market leading threat protection, data leak prevention, and rules to trigger all or certain messages to be sent via RMail; automatic encryption, RPX AES encryption, certified e-delivery proof, or for recipient e-signoff.

“As technologies advance and threats get ever more sophisticated, encrypting email for privacy compliance is not getting simpler. In fact, it is getting more complicated,” states Steve Anderson, an insurance technology expert & LinkedIn influencer with more than 330 thousand followers.  “Not all TLS is created equal. Not all email one thinks is going by TLS, in fact is transmitted securely.” Learn more about pitfalls with TLS

Insurance agencies, for example, rely on RMail automatic encryption to detect this simplest, secure transmission to each recipient; with each message returning auditable proof of privacy compliance. Now, agency administrators can simply click an option in a web-tool to enable all messages to be sent via RMail encryption, whether sent from an agency management system, or from their email service.

“RMail consistently makes email life easier for business people. Easy, secure, simple, automatic,” adds Anderson. “And, RMail Security Gateway is just another way that RPost does it. RMail Security Gateway is a great option for total encryption automation.”

RMail Security Gateway automates email security with advanced email encryption for privacy compliance, inbound and outbound threat protection, data loss prevention, and more. It includes proof of privacy compliance (GDPR, HIPAA, etc.), with email tracking, certified e-delivery proof, and e-sign productivity built-in. It is the simplest to use, most affordable full featured total security solution for email and documents; fully hosted, completely managed.

Read more about RMail Security Gateway in our PDF Guide.

“RMail SG furthers our mission to think of security in line with productivity. Services should make it easier to do business, all the while focusing on ensuring underlying security and compliance needs are covered,” states RPost CEO Zafar Khan.

Users report adding RMail SG to make it easy to send encrypted from mobile phones, by adding the word ‘encrypt’ to the subject – in particular in the legal sector. Others prefer to create rules to automatically send encrypted to certain recipients, based on message content, or when from certain senders, when privacy compliance is a concern.

RMail has been identified as a top choice for privacy compliance by leading organizations like the Association for Professional Compliance Consultants.

Interested in GDPR Compliance? Download the GDPR Privacy Compliance Guide Here.

Not All TLS is Created Equal

Many, many software service sales professionals throw around security phrases to make cyber security sound simple. Today, as technologies advance and threats get ever more sophisticated, encrypting email for privacy compliance is not getting simpler. The devil (hacker) is in the details.

Here, we will try to (in a simple manner) decipher a commonly referred to catch all for security, TLS, and explain why the details are important. “Not all TLS is created equal. Not all email one thinks is going by TLS, in fact is transmitted securely,” remarks Steve Anderson, an insurance technology expert & LinkedIn influencer with more than 330 thousand followers.

First, what is TLS?

TLS stands for transport layer security. This is a means, in short, of encrypting communications between two participating devices. This is mainly used when you communicate from your web browser to a web server. It’s simple for the browser to display “insecure” connections, pop-up warnings, or disable a page display.

But, with email, there are more challenges.

Sure, if you log-in to Gmail via your Chrome browser, the connection from your device to the Google email server is secured this way.

But what about the email after you hit send, when it leaves Google’s Gmail server onward to the recipient?

This is where “Opportunistic TLS” may or may not be used. It is used with many major email providers (Microsoft Hosted Exchange Office 365, Gmail, etc.) by default.

Sounds secure, right? Maybe not.

Let’s first remind ourselves of the most important part of email for MOST users — that it gets to the intended recipient. Traditionally, whether it seen “only” by that recipient has been an afterthought.

Enter Opportunistic TLS. Here, the sending server, Gmail in this example, tries to send first with a secure TLS email transmission (SMTP) if the “opportunity” presents itself, and second, if it cannot send securely, it reverts to less secure or insecure transmission, automatic, and invisibly.

Sounds pretty good; everyone receiving email surely has the same mindset, and will accept email from Gmail through a secure connection, right?

Wrong.

According to the Gmail transparency report, continuously updated as of today, 88 to 91% of inbound and outbound email to and from Gmail are sent using TLS. This means, typically, more than 10% is sent and received without any security. So, 1 in 10 messages you may send or receive via Gmail simply go out without any security. This is likely similar with Office 365 hosted email.

You might think, well, 1 in 10 insecure isn’t bad. However, consider it could be far worse.

According to the above report, for many recipient email domains, like Charter.net in the USA, Bigpond in Australia, Videotron via Bell in Canada; email to and from these domains to Gmail are never encrypted (0%) and with companies like Amazon, 57% are secured. What about the gazillion smaller companies out there? Do they have better security than Amazon?

And, it gets worse. Here is the big fallacy.

None of these transparency reports make the distinction which of the many TLS connections are considered insecure TLS. Generally, there are versions of with varying security; TLS 1.0, TLS 1.1, TLS 1.2, and now TLS 1.3.

Focusing on TLS 1.0, there are known risks. In particular, a TLS downgrade attack. In short, a hacker can intercept the TLS 1.0 check preceding the server to server communication to trick the sending server into sending the message in an insecure manner. Security professionals have been trying to get IT administrators to upgrade from TLS 1.0 for more than a decade; but use of this still persists, en masse; and typically accounts for more than 15% of all TLS email connections.

So, maybe you are at 10% sent insecure (no TLS) plus 15% sent with a version of TLS with known security issues. Now you have an issue with 25% of your email (1 in 4 emails), at the very least. If you communicate with customers in smaller companies, individuals, the percentage is likely higher.

The problem is, what to do?

Microsoft states in a 2018 blog post, while they will no longer support TLS 1.0, “this does not mean Office 365 will block TLS 1.0 and 1.1 connections. There is no official date for disabling or removing TLS 1.0 and 1.1 in the TLS service for customer [email] connections.”

And, remember, TLS 1.0 is known as not compliant in some circles (i.e. PCI financial compliance standard). What about for HIPAA? PII? NPI? GDPR privacy compliance? If there are known vulnerabilities with TLS 1.0, one would believe they may not be considered a “privacy compliant” means of transmission. Time will tell.

Bottom line:

  1. Microsoft Office 365, G-suite, and other “Opportunistic TLS” systems likely send at least 25% of email with no security or in an insecure, less than a (privacy) compliant manner.
  2. There is no easy fix for these systems, as their option (as Microsoft points out as not desirable) would be to not deliver the email at all; which would cause chaos for senders and receivers. It appears, from their blog post, they prefer to delivery insecure rather than not at all.

What to do: Opportunistic TLS with Auto-Fallback

Add on to Gmail, Office 365, Zimbra, or any email, a simple to use service that, if no TLS is available, or an insecure version of TLS is in place, the communication automatically reverts to an alternative method of email transmission encryption; dynamically and without bothering or burdening sender or receiver.

“RMail consistently makes email life easier for business people. Easy, secure, simple, automatic,” adds Anderson. “And, RMail Security Gateway is just another way that RPost does it. RMail Security Gateway is a great option for total encryption automation.” (Join Steve Anderson’s December 12 webinar on this topic.)

Install RMail onto your existing email program or security gateway, as it has the simplest form of automatic encryption, using secure versions of TLS when available, and when not, reverting to AES 256-bit PDF encryption. The recipient either can view the message received security right in their email program or view it in a PDF if required to maintain security and compliance.

Try RMail at no cost, with no credit card needed (click for your Gmail or Outlook RMail app).

CLICK HERE if you are interested in following RPost from an investor perspective through its investor relations emails and briefings.

To learn more visit www.rmail.com.